Commit 421fae06 authored Aug 06, 2008 by Vesa-Matti Kari Committed by James Morris Aug 07, 2008

selinux: conditional expression type validation was off-by-one



expr_isvalid() in conditional.c was off-by-one and allowed
invalid expression type COND_LAST. However, it is this header file
that needs to be fixed. That way the if-statement's disjunction's
second component reads more naturally, "if expr type is greater than
the last allowed value" ( rather than using ">=" in conditional.c):

  if (expr->expr_type <= 0 || expr->expr_type > COND_LAST)

Signed-off-by: Vesa-Matti Kari <vmkari@cc.helsinki.fi>
Signed-off-by: James Morris <jmorris@namei.org>

parent 15446235

security/selinux/ss/conditional.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -28,7 +28,7 @@ struct cond_expr {
		#define COND_XOR 5 /* bool ^ bool */
		#define COND_EQ 6 /* bool == bool */
		#define COND_NEQ 7 /* bool != bool */
		#define COND_LAST 8
		#define COND_LAST COND_NEQ
		__u32 expr_type;
		__u32 bool;
		struct cond_expr *next;